2024-02-17

In a concerning turn of events for iPhone users worldwide, iOS security has been rattled by the emergence of the first-ever banking Trojan tailored specifically for Apple devices. Dubbed GoldPickaxe, this malicious software, originally known as the Android Trojan GoldDigger, has evolved with advanced features designed to facilitate the unauthorized draining of iPhone users' bank accounts.

According to a report by TechRadar, GoldPickaxe, first identified in October, has now surfaced with capabilities to infiltrate iOS devices, specifically targeting iPhone users. The Trojan is equipped with the ability to harvest sensitive data such as facial recognition information, identity documents, and intercepted text messages, all aimed at streamlining the theft of funds from various banking and financial applications.

The report from the publication suggests that the obtained biometric data is leveraged to create AI deepfakes, enabling cybercriminals to impersonate victims effectively and gain unauthorized access to their bank accounts. While currently confined to targeting victims primarily in Vietnam and Thailand, the potential success of this campaign raises concerns about the expansion of operations to include iPhone and Android users in English-speaking countries such as the U.S. and Canada.

One of the most notable aspects of the GoldPickaxe Trojan is its unprecedented method of entry into iOS devices. While infiltrating Android devices often involves malicious apps and phishing tactics, compromising iPhones proves more challenging due to Apple's closed ecosystem. However, the attackers managed to abuse Apple's mobile application testing platform, TestFlight, to distribute the GoldPickaxe.IOS Trojan initially. Following its removal from TestFlight, they resorted to social engineering techniques, convincing victims to install a Mobile Device Management (MDM) profile, thus granting complete control over the compromised iPhone.

Cybersecurity firm Group-IB attributes both GoldPickaxe versions to a single threat actor named GoldFactory, and has also uncovered a new variant named GoldDiggerPlus. This upgraded malware allows the attackers to make real-time calls on infected devices, adding a concerning dimension to the evolving threat.

To combat the growing threat of iOS malware, users are advised to exercise caution and follow essential security measures. This includes refraining from installing apps through TestFlight unless necessary, being wary of installing Mobile Device Management profiles unless explicitly requested by employers for company-issued iPhones, and considering the use of malware scanning solutions when connected to a Mac via USB cable. Additionally, enabling Lockdown Mode and activating Apple's Stolen Device Protection can further enhance device security against potential threats.
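The MDM-profile advice above is easier to act on if a suspicious profile can be inspected before anyone taps "Install". The script below is an added example, not code from the article, TechRadar or Group-IB: it parses an unsigned iOS configuration profile (.mobileconfig, an XML plist) and flags an MDM enrollment payload, its server and the access rights it requests. The payload keys follow Apple's configuration-profile format; the sample profile and its hostname are constructed for the example.

```python
import plistlib

MDM_PAYLOAD = "com.apple.mdm"

# AccessRights bit values as documented in Apple's MDM protocol reference.
ACCESS_BITS = {
    2: "install/remove configuration profiles",
    4: "device lock and passcode removal",
    8: "remote device erase",
    4096: "app management",
}

# Constructed sample: a lure profile whose payload enrolls the device in MDM.
# The server hostname is a placeholder, not an indicator from the article.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadDisplayName</key><string>Government Benefits App</string>
  <key>PayloadContent</key><array>
    <dict>
      <key>PayloadType</key><string>com.apple.mdm</string>
      <key>ServerURL</key><string>https://mdm.example.invalid/server</string>
      <key>CheckInURL</key><string>https://mdm.example.invalid/checkin</string>
      <key>AccessRights</key><integer>8191</integer>
    </dict>
  </array>
</dict></plist>"""


def triage_profile(data: bytes) -> dict:
    """Summarise a profile: does it enroll the device in MDM, with which
    server, and which high-impact access rights does it request?"""
    profile = plistlib.loads(data)
    result = {"display_name": profile.get("PayloadDisplayName", ""),
              "mdm": False, "server_url": None, "rights": [], "findings": []}
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != MDM_PAYLOAD:
            continue
        result["mdm"] = True
        result["server_url"] = payload.get("ServerURL")
        mask = int(payload.get("AccessRights", 0))
        result["rights"] = [name for bit, name in ACCESS_BITS.items() if mask & bit]
        result["findings"].append(
            "enrolls the device in MDM at %s" % result["server_url"])
        for name in result["rights"]:
            result["findings"].append("requests %s" % name)
    return result


if __name__ == "__main__":
    for line in triage_profile(SAMPLE_PROFILE)["findings"]:
        print(line)
```

A profile that arrives as a signed CMS blob will not parse as XML; treat that as a reason to inspect it on a Mac (where the `profiles` tool can display it) rather than to install it.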

